- WordPress Security Check – Plugins Could Leave Online Shoppers and Businesses Vulnerable On Cyber Monday
As American shoppers gear up for the biggest shopping weekend of the year – the perfect storm of Thanksgiving Day, Black Friday and Cyber Monday- more and more shoppers are preparing to do their purchasing online from the comfort of their homes.
In order to gain a better understanding of the potential threats posed by the hundreds of thousands of websites which use e-commerce plugins, the Checkmarx research lab used CxSAST, Checkmarx's static code analysis solution, to run a WordPress security check of the most widely used WordPress e-commerce plugins in the weeks leading up to Cyber Monday.
Our research focused specifically on scanning for high-level vulnerabilities; 12 WordPress e-commerce plugins were scanned throughout the first half of November 2016.
The most notable WordPress vulnerability to come to light in 2016 is the suspected role that an unpatched version of the Revolution Image Slider WordPress plugin played in the release of over 11.5 million documents and 2.6TB of data in the notorious Panama Papers leak affecting Mossack Fonseca in April 2016.
In June 2016, attackers exploited an unpatched vulnerability in the WP Mobile Detector plugin, installed on over 10,000 websites, which allowed them to remotely upload arbitrary files to the web server. Many vulnerable sites were infected with porn spam doorways.
When it comes to the security issues facing WordPress, plugins should be a major concern. Businesses using WordPress e-commerce plugins can take certain steps to avoid introducing risks into their websites.
Regardless of the size of your business, it's critical to download plugins only from trusted sources; in this case, WordPress.org should be the only place you download plugins from, as the ease with which WordPress plugins are developed makes nefarious plugins a favorite for hackers.
Since WordPress plugins are open source, it's possible to scan the source code with a static source code analysis solution in order to ensure that it is vulnerability-free. It's also important to ensure that all plugins stay up to date and to stay on top of any WordPress vulnerabilities through the WordPress Vulnerability Database.